Reposoft / openidc-keycloak-test

zmartzone/mod_auth_openidc and keycloak combined - self hosted cloud auth

How to bump up keycloak session #25

Closed abhishekraghav closed 6 years ago

abhishekraghav commented 6 years ago

Hi greetings,

It looks like you have done good research on mod_auth and Keycloak integration, so I just need your help on one aspect of Keycloak.

The scenario is: I have an app already integrated with mod_auth and Keycloak. There is one behavior which I am not understanding, i.e. when a user logs in to the app, there are 2 sessions that get created, i.e. KEYCLOAK_SESSION and mod.session. What I found is that even if a user is actively working on the app and calling protected URLs, it doesn't bump up the Keycloak session.

What I was thinking is that, suppose the access token time is 10 min and the SSO time is 30 min, mod_auth_openidc should try to refresh the access token after the expiry of the access token/ID token, as soon as the TTL of the access token is reached, which would then bump up the KEYCLOAK_SESSION as well. But that's not happening. In the sessions tab of Keycloak, I see that the session created time and the last session access time are the same for any particular user.

Could you please guide me on how to make sure that we keep bumping the Keycloak session when a user is actively working on the app which is protected by mod_auth and Keycloak?

Thanks. Abhishek

solsson commented 6 years ago

If this is about AJAX requests I suggest you have a look at https://github.com/zmartzone/mod_auth_openidc/wiki/Single-Page-Applications

abhishekraghav commented 6 years ago

Hey Solsson,

Thanks for your reply. I will try understanding this; the SPA specification sounds a bit difficult to understand.

One more doubt I have:

Right now I see a lot of claims (e.g. last name, first name, access token, roles etc.) coming in the headers from mod_auth. Is there a way to send only the 'email' claim of the authenticated user in the header to my protected app?

Thanks.

zandbelt commented 6 years ago

See: https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf#L757

abhishekraghav commented 6 years ago

Many thanks @zandbelt, this is exactly what I was looking for.

solsson commented 6 years ago

👍